Comparison of Use Cases Implementation for Data Identifiers vs Classifications
This section provides a detailed comparison of data identifiers and classifications use cases for different match conditions with instructions on implementing those use cases.
- ► Regular Expressions Match Use Cases with Implementation Details
-
Use Cases
Data Identifiers
(CASB DLP Policy Implementation)Classifications Implementation
Match on Skyhigh Built-In regular expressions
Use the Data Identifier rule to select one of the pre-defined categories
Create a classification to add one or more Skyhigh Built-In Advanced Patterns to classify your sensitive data. To achieve this use case, see Create Skyhigh Built-in Advanced Patterns.
Apply validation algorithms to Skyhigh Built-In regular expressions
Pre-defined regular expressions use built-in validation algorithms such as Luhn 10 to reduce false positives. The validation algorithms used are defined in Skyhigh documentation.
Create a classification to add one or more Custom Advanced Pattern lists using Skyhigh Built-In Advanced Pattern lists and apply built-in or custom validation algorithms to reduce false positives. To achieve this use case, see Create Custom Advanced Patterns using Skyhigh Built-In Advanced Patterns.
Match on Custom regular expressions
Use the Data Identifier rule to select up to five custom regular expressions or use the Regular Expression rule to create custom regular expressions
Create a classification to add one or more Custom Advanced Patterns to classify your sensitive data. To achieve this use case, see Create Custom Advanced Patterns.
Re-use Custom regular expressions
This use case is not supported Create a classification to add one or more existing Custom Advanced Pattern lists to classify your sensitive data. To achieve this use case, see Create Custom Advanced Patterns using Add Regex or AI RegEx Generator for Custom Advanced Patterns.
Apply validation algorithms to Custom regular expressions
This use case is not supported Create a classification to add one or more Custom Advanced Pattern lists and apply any of the 100+ built-in validation algorithms to reduce false positives. To achieve this use case, see Create Custom Advanced Patterns using Add Regex or AI RegEx Generator for Custom Advanced Patterns.
Set a threshold for the number of regular expression matches in the Advanced Pattern List
Use the Data Identifier or Regular Expression rule and set the Match Count value
Create a classification to set an advanced pattern threshold value to trigger the DLP policy when the specified number of regular expressions are matched.
For example, use the Skyhigh built-in advanced pattern list named Credit Card Number (Mastercard) and set the weight for the advanced pattern to 3 for threshold matching. To set the threshold in the Advanced Pattern classifications, see Create Advanced Patterns.
Count each match in an Advanced Pattern list only once
Use the Regular Expression rule and set the Count each match only one time option Create a classification to set Count each match string only one time option in the Advanced Pattern. A regular expression can be matched multiple times with different terms, but each matched term is only counted once. To achieve this use case, see Create Custom Advanced Patterns using Add Regex or AI RegEx Generator for Custom Advanced Patterns.
Set different weights (scores) for each regular expression in a Custom Advanced Pattern list
This use case is not supported Create a Custom Advanced Pattern classification and edit the score of each regular expression on a case-by-case basis. To achieve this use case, see Create Custom Advanced Patterns using Add Regex or AI RegEx Generator for Custom Advanced Patterns.
Match on Skyhigh Built-In and Custom regular expressions in specific sections of an email Use the Data Identifier or Regular Expression rule and set the Location option to match regular expressions on email subject and file metadata, or email subject, body, attachments and file content, or all sections of an email Create a classification and use the newly created classification in your Sanctioned or Shadow DLP policy to match the section of the email to look for sensitive text patterns in Header or Everywhere. To achieve this use case, see Create Advanced Patterns, Create Custom Advanced Patterns using Add Regex, or AI RegEx Generator for Custom Advanced Patterns.
Exclude keywords from triggering a match on regular expressions
Use the Data Identifier rule and set the Exclude option to exclude dictionaries of terms or a manually entered list
Create a Custom Advanced Pattern classification and add lists of keywords on the Exceptions tab to exclude specific keywords from being matched by the DLP engine. You can also add regular expressions as exceptions to reduce false positives. To achieve this use case, see Create Custom Advanced Patterns using Add Regex or AI RegEx Generator for Custom Advanced Patterns.
Exclude regular expressions from triggering a match on regular expressions
This use case is not supported
Create a Custom Advanced Pattern classification and add lists of regular expressions on the Exceptions tab to exclude specific regular expressions from being matched by the DLP engine. You can also add keywords as exceptions to reduce false positives. To achieve this use case, see Create Custom Advanced Patterns using Add Regex or AI RegEx Generator for Custom Advanced Patterns.
Build complex matching rules by combining Skyhigh Built-In or Custom advanced pattern lists using OR, AND, and NOT operators
This use case is not supported Create a classification by selecting ‘any of’, ‘all of’, or 'none of' Skyhigh Built-In Advanced Patterns or Custom Advanced Patterns, and use AND to combine it with other Advanced Pattern definitions. Use OR to add new rule group conditions and define new Advanced Pattern definitions. To achieve this use case, see Create Custom Advanced Patterns.
- ► Proximity Match Use Cases with Implementation Details
-
Use Cases
Data Identifiers
(CASB DLP Policy Implementation)Classifications Implementation
Match on proximity between Skyhigh Built-In advanced patterns (regular expressions) and Skyhigh Built-In dictionaries (lists of keywords)
Use the Data Identifier rule to select any one of the pre-defined category with its associated dictionary
Create a classification to add one or more Skyhigh Built-In Advanced Pattern lists in proximity with one or more Skyhigh Built-In dictionaries and their keywords to classify your sensitive data. To achieve this use case, see Proximity Use Cases.
Match on proximity between Custom advanced patterns (regular expressions) and Custom dictionaries (lists of keywords)
Use the Data Identifier rule to select up to five custom regular expressions in proximity with one custom dictionary or one of the three pre-defined dictionaries
Create a classification to add one or more Custom Advanced Pattern lists in proximity with one or more Custom dictionaries and their keywords to classify your sensitive data. To achieve this use case, see Proximity Use Cases.
Match on proximity between Skyhigh Built-In and Custom Dictionaries (lists of keywords)
This use case is not supported Create a classification to add one or more Skyhigh Built-In dictionaries and their keywords in proximity with one or more Custom dictionaries and their keywords to classify your sensitive data. To achieve this use case, see Proximity Use Cases.
Match on proximity between Skyhigh Built-In and Custom advanced patterns (regular expressions)
This use case is not supported
Create a classification to add one or more Skyhigh Built-In Advanced Pattern lists in proximity with one or more Custom Advanced Pattern lists to classify your sensitive data. To achieve this use case, see Proximity Use Cases.
Match on proximity between advanced patterns (regular expressions) and dictionaries (lists of keywords) with unique match criteria
Use the Data Identifier rule to select regular expression lists in proximity with keyword lists and enable the Count each match only one time option
Create a classification to add one or more Advanced Pattern lists in proximity with one or more Dictionaries, and configure the Match Criteria Settings in the proximity rule. You can customize the settings of the match criteria for your proximity rule to control how match strings are paired to trigger unique proximity matches. This option reduces false positives by counting each match string only once, eliminating non-unique matches. To achieve this use case, see Advanced Proximity Use Cases.
- ► Keywords or List of Keywords (Dictionaries) with Implementation Details
-
Use Cases
Data Identifiers
(CASB DLP Policy Implementation)Classifications Implementation
Match on Skyhigh Built-In lists of keywords
Use keywords to build rules by selecting one of the three pre-defined dictionaries
Create a classification to add one or more Skyhigh Built-In dictionaries and their keywords to classify your sensitive data. To achieve this use case, see Create a Classification using Skyhigh Security Built-in Dictionary.
Match on Custom lists of keywords
Use keywords to build rules using a Custom Dictionary
Create a classification to add one or more Custom Dictionaries and their keywords to classify your sensitive data. To achieve this use case, see Create a Custom Dictionary.
Match on list of keywords only (without creating a Dictionary)
Use keywords to build rules using a comma-separated list
Create a Keyword classification to add a list of keywords that define sensitive data. Any match will count as detection. You can add multiple keywords, separated by commas for content classification. To achieve this use case, see Create a Classification using Keywords.
Count each match in a keyword list only once
Use keywords and set the “Count each match only one-time” option
Create a classification to set Count each match string only one time option in the Dictionary. Activating this option eliminates the duplicate matched keywords in a dictionary and ensures that each matched keyword is counted only once. To achieve this use case, see Skyhigh Built-In Dictionary or Custom Dictionary.
Match all keywords in a Dictionary list
Use keywords and set the “Match Criteria” to “All”
Create a classification to set the match threshold on the Classification editor equal to the number of items (keywords) found in the Dictionary list and to avoid counting duplicate keywords multiple times, enable the checkbox Count each match string only one time.
To achieve this use case, see Skyhigh Built-In Dictionary or Custom Dictionary.
Set a threshold for the number of keyword matches in the Dictionary
Use keywords and set the “Match Count” value
Create a classification to set a dictionary threshold value to trigger the DLP policy when the specified number of keywords are matched.
For example, you have chosen to use the Skyhigh built-in dictionary, which contains over 50 keywords. But you need only 20 random keywords from that dictionary to match and trigger an incident. To accomplish this, you need to set the weight for the dictionary to 20 for threshold matching. To set the threshold in the Dictionary classifications, see Skyhigh Built-In Dictionary or Custom Dictionary.
Set different weights (scores) for each keyword in a Custom Dictionary list
This use case is not supported
Create a Custom Dictionary classification and edit the score of each keyword on a case-by-case basis. To achieve this use case, see Set Advanced Dictionary.
Set the case sensitivity for each keyword in a Custom Dictionary list
Use Keywords and set the “Case Sensitive” attribute appropriately
Create a Custom Dictionary classification and set the case sensitivity of each keyword on a term-by-term basis. To achieve this use case, see Set Advanced Dictionary.
Exclude special characters from triggering a match on keywords By default, the Keyword rule allows all special characters to match on keywords Create a Custom Dictionary classification and add list of keywords along with special characters precisely to be matched by the DLP engine. This enables the DLP engine to exclude matches on similar keywords with other special characters to reduce false positives. To achieve this use case, see Create a Custom Dictionary.
Match on Skyhigh Built-In or Custom lists of keywords in specific sections of an email Use the Keyword rule and set the Location option to match keywords on email subject and file metadata, or email subject, body, attachments and file content, or all sections of an email Create a classification and use the newly created classification in your Sanctioned or Shadow DLP policy to match the section of the email to look for sensitive keywords in Header or Everywhere. To achieve this use case, see Create a Classification using Dictionary or Create a Custom Dictionary.
Allow partial string match for each keyword in the Custom Dictionary list
This use case is not supported
Create a Custom Dictionary classification and set the “Starts with” or “Ends with” flags appropriately for each keyword. To achieve this use case, see Set Advanced Dictionary.
Build complex matching rules by combining Skyhigh Built-In or Custom keyword lists using OR, AND, and NOT operators
This use case is not supported
Create a classification by selecting ‘any of’, ‘all of’, or 'none of' Skyhigh Built-In Dictionaries or Custom Dictionaries, and use AND to combine it with other Dictionary definitions. Use OR to add new rule group conditions and define new Dictionary definitions. To achieve this use case, see Create Complex Matching Rules using Boolean Logic.
Build complex matching rules by setting different thresholds for Skyhigh Built-In or Custom keyword lists This use case is not supported
Create a classification by selecting ‘any of’ or ‘all of’ Skyhigh Built-In Dictionaries or Custom Dictionaries, and set different thresholds for each Dictionary definition. To achieve this use case, see Set Threshold for Dictionaries.
- ► File Names Match Use Cases with Implementation Details
-
Use Cases
Data Identifiers
(CASB DLP Policy Implementation)Classifications Implementation
Match on file names Use File Name to build rules matching on either a custom list of file names, or a manually entered list
Create a classification to match a set of files based on exact file names such as finance_report_Q1_2024.xlsx and budget_presentation_2024.pptx which can be combined into one set.
File name sets can be created using plain text values with the "is" operator. To achieve this use case, see Create a Classification using File Name Set.
Match on partial file names
Use File Name to build rules matching on either a custom list of file names, or a manually entered list using glob patterns
Create a classification to match a set of files based on partial file names such as Q1, 2024-2025 which can be combined into one set.
File name sets can be created using plain text values with the "contains" operator. To achieve this use case, see Create a Classification using File Name Set.
Match on file extensions
Use File Name to build rules matching on either a custom list of file names, or a manually entered list using glob patterns
Create a classification to match a set of files based on file extensions such as PPS, PPT, and PPTX which can be combined into one set.
File extension sets can be created using Skyhigh predefined or custom file extensions. To achieve this use case, see File Extensions.
- ► File Size Match Use Case with Implementation Details
-
Use Case Data Identifiers (CASB DLP Policy Implementation) Classifications Implementation Match on file sizes (greater than, lesser than, or between)
Use File Size to build rules matching on files based on specific criteria
Create a classification to match and detect files based on file size ranges.
File size classifications can be created using operators (greater than, lesser than, or between), values, and units (bytes, kilobytes, and megabytes). To achieve this use case, see File Sizes.
- ► True File Type Match Use Case with Implementation Details
-
Use Case Data Identifiers (CASB DLP Policy Implementation) Classifications Implementation Match on files for specific file types
Use the File Type rule to match files based on specific file formats
Create a classification to match and detect the file using specific true file types such as Microsoft Word, Microsoft PowerPoint, Microsoft Word, and more. To achieve this use case, see True File Type.
- ► Document Properties Match Use Case with Implementation Details
-
Use Case Data Identifiers (CASB DLP Policy Implementation) Classifications Implementation Match on file metadata
This use case is not supported
Create a classification to match a set of document properties based on file metadata such as Author or Keywords (Tags), or Last Saved By which can be combined into one set.
Document properties set can be created using Skyhigh pre-defined or custom document properties(file metadata). To achieve this use case, see Document Properties.
- ► File Encryption Type Match Use Case with Implementation Details
-
Use Case Data Identifiers (CASB DLP Policy Implementation) Classifications Implementation Match on file for specific encryption type
This use case is not supported
Create a classification to match and detect the file using specific file encryption types such as Trellix Endpoint Encryption, Seclore Rights Management Encryption, and more. To achieve this use case, see File Encryption Type.
- ► Location in File Match Use Case with Implementation Details
-
Use Case Data Identifiers (CASB DLP Policy Implementation) Classifications Implementation Match on file section to limit the sensitive content of a document This use case is not supported Create a classification to match the section of the file to look for sensitive content in the Header, Footer, Body, or within the first X characters. The location in file match condition is limited to Word and PowerPoint documents. To achieve this use case, see Location in File.